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Preface 


The  work  presented  on  these  pages  represents,  to  our  knowledge, 
a  uniquely  concrete  and  objective  approach  to  evaluating  some  of  the 
economic  considerations  resulting  from  the  Privacy  Act  of  1974  (PL  93 
579) .     By  using  a  computer  model  to  simulate  the  cost  impact  of  the 
Act's  requirements,  one  can  determine  the  differences  resulting  from 
alternative  approaches  to  implementing  the  mandated  safeguards. 

The  computer  model  and  the  methodology  it  represents  can  be 
altered  and  modified  to  reflect  changing  circumstances  and  different 
record  keeping  systems.     The  publication  of  this  work  reflects  our 
desire  to  improve  the  model  by  soliciting  comments  and  suggestions 
from  those  involved  in  dealing  with  the  task  of  complying  with  the 
law.     By  acting  as  a  central  collection  point  for  these  comments, 
NBS  can  provide  a  pool  of  knowledge  that  will  aid  all  agencies. 
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1.0  INTRODUCTION 

This  document  contains  a  complete  description  of  the  steps  necessary 
to  run  the  DPM  Cost  of  Privacy  Model  along  with  a  description  of  the 
computer  program.     The  computer  model  has  been  developed  for  the 
National  Bureau  of  Standards  by  the  D.  P.  Management  Corporation  of 
Lexington,  Massachusetts,  and  is  made  available  for  federal  agency  use. 
In  a  companion  NBS  document,  entitled  Methodology  for  Evaluating 
Alternative  Technical  and  Information  Management  Approaches  to  Privacy 
Requirements ,  the  algorithms  contained  in  this  model  are  explained. 
The  interested  reader  is  advised  to  review  this  document. 

The  document  is  divided  into  three  sections.     The  first  describes 
general  system  requirements  for  running  the  program.     The  second 
describes  how  to  input  information  to  the  model.     And  the  third 
describes  the  output  and  how  to  interpret  it. 

In  reading  the  output,  the  user  should  be  aware  that  computer  out- 
put run  on  "batch"  processing  with  output  on  high  speed  printers  is 
usually  limited  to  132  characters  of  printing  across  a  page. 
This  is  the  form  of  output  familiar  to  most  people.     For  many  terminals, 
on  the  other  hand,  the  number  of  characters  is  usually  limited  to  72 
characters  per  line.     Such  output  looks  very  similar  to  a  typed  page 
of  information.     The  output  of  this  model  may  be  adapted  quite  easily 
to  either  form  of  processing. 

An  important  aspect  of  any  model  is  its  ability  to  be  used  for 
comparing  numerous  results  based  on  various  assumptions.     Although  the 
Cost  of  Privacy  Model  is  not  unique  in  this  aspect,  it  is  extremely 
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important  for  the  user  to  be  aware  of  this  capability,  because  of  the 
very  obvious  subjective  aspects  of  some  of  the  input.    As  the  user 
becomes  familiar  with  the  input  and  output  from  the  model,  specific 
attention  should  be  placed  on  how  to  manipulate  the  data  and  thus  how 
to  achieve  reliable  results. 

The  model  is  not  overly  complex  and  the  input  and  output  are 
fairly  simple  to  understand.     Because  the  1974  Privacy  Act  is  new, 
however,  certain  input  values  are  difficult  to  determine.  Examples 
are: 

•  The  number  of  data  subjects  who  will  make  inquiries. 

•  The  amount  of  executive  time  necessary  to  handle 
data  disputes. 

•  Programming  time  to  develop  software  to  handle 
Privacy  Act  requirements. 

Undoubtedly,  as  experience  with  the  law  and  information  inter- 
change between  affected  agencies  grows,  additional  precision  can  be 
gained.  ,     ,  : 
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Z.O  PROGRAM  DOCUMENTATION 

2.  1  PROGRAM  EXECUTION 

Because  there  is  so  much  vr.riation  between  different  computer 
facilities,  no  attempt  will  be  made  at  explaining  exactly  how  to  make 
the  model  operational  on  a  specific  processor.     A  skilled  programmer 
familiar  with  a  unique  computer  facility  having  the  minimal  equipment 
and  the  basic  capabilities  described  below  should  have  no  trouble 
getting  the  model  to  execute. 

Language  -  ANSI  Fortran 
Length  -  531  Records 

Core  Requirements  -  Less  than  35K  Bytes 
The  program  listing  has  been  included  as  Appendix  1. 

2.2  THE  INPUT 

2.2.1  General  Comments 

The  data  for  this  model  is  put  on  36  successive  cards,  each  of  which 
is  a  maximum  of  80  characters.     This  section  will  explain  what  is  found 
on  each  of  the  records,  how  each  one  is  formatted,  and  how  this  data  is 
"read"  into  the  program. 

2.2.2  Types  of  Input 

To  make  the  program  as  generally  useful  as  possible,  it  was  written 
to  accept  input  from  standard  80  column  cards.     Installations  with  on- 
line computing  capability  may  wish  to  change  the  input  and  output  unit 
specifications  to  enable  terminal  or  file-oriented  input  and  output. 

2.3  FORMAT  STATEMENTS  IN  THE  PROGRAM 

There  are  six  different  input  formats  within  the  model.  Format 
8005  is  used  for  reading,  in  succession,  the  abbreviations  for  each  of 
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the  presently  programmed  twenty  compliance  steps*.    Three  formats 
(8001-8003)  are  used  to  read  in  various  information  about  the  system 
under  study.     800A  and  8005  are  used  to  read  several  additional  para- 
meters into  the  model.     Format  8006  is  used  to  input  data  concerning 
number  of  runs,  copies,  and  whether  a  summary  output  is  desired. 
Figure  1  is  a  list  of  these  six  formats  as  they  appear  in  the  program. 

Figure  1  -  Program  Format  Statements 

8001  Format  (8G10.0) 

8002  Format  (2G10.0,  LIO,  GIO.O,  2L10,  GIO.O,  LIO) 

8003  Format  (4G10.0,  LIO,  GIO.O,  2L10) 

8004  Format  (25L1) 

8005  Format  (80A1)  '  ' 

8006  Format  (215,  L5) 

2.4     DATA  INPUT 

2.4.1    Compliance  Step  Names     (8005  Format,  Records  #1-20) 

Presently,  there  are  twenty  different  compliance  steps  (or  tech- 
niques) analyzed  by  the  model.     Since  any  or  all  of  these  can  occur  in 
the  output,  abbreviated  names  for  each  must  be  supplied.  Normally, 
these  names  would  be  written  directly  into  the  program.    However,  since 
ANSI  Fortran  does  not  include  a  convenient  mechanism  for  specifying 
alphabetic  constants,  these  names  are  included  as  part  of  the  program's 
input.    Also,  they  are  left  as  input  so  the  analyst  may  vary  them  to 

*Compliance  steps  are  steps  an  agency  must  take  to  comply  with  the  1974 
Privacy  Act.     (See  NBS  Technical  Note,  A  Methodology  for  Evaluating 
Alternative  Technical  and  Information  Management  Approaches  to  Privacy 
Requirements,  August  1975,  for  discussion  of  specific  steps. 
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identify  alternative  techniques.     Once  they  are  set  up,  they  remain 
constant  for  all  runs  of  the  program.     Each  name  can  contain  letters, 
numbers,  periods,  or  any  other  appropriate  symbol.     The  following  names 
are  currently  in  the  input: 


1. 

Data  supply  obligation  notification 

2. 

Consent  for  additional  use 

3. 

Check  usage  authorization 

A. 

Usage  log  maintenance 

5. 

Record  existence  notification 

6. 

Record  existence  inquiry 

7. 

Record  uses  inquiry 

8. 

Data  accuracy 

9. 

Additional  data 

10. 

Data  accuracy  inquiry 

11. 

Subject  claim  storage 

12. 

Subject  claim  dissemination 

13. 

Retroactive  claim  dissemination 

14. 

Record  transmission 

15. 

Consent  to  transfer  data 

16. 

Legal  process  notification 

17. 

Physical  security 

18. 

User  training 

19. 

System  assurance 

20. 

Public  notice 

Remember,  although  not  all  twenty  compliance  steps  need  be  assessed, 
twenty  names  must  still  be  in  the  input. 

2.4.2    Execution  Instructions     (8006  Format,  Record  #21) 

The  execution  instruction  card  contains  three  instructions  which 
dictate  how  many  iterations  of  the  model  will  be  made,  how  many  copies 
of  the  output  will  be  printed,  and  whether  a  summary  output  will  be 
produced.     The  number  of  iterations  should  be  in  the  first  five  spaces, 
the  number  of  outputs  should  be  in  the  next  five  spaces.    A  "T"  (true) 
should  be  placed  in  column  15  if  a  summary  output  is  desired. 
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2.4.3  Date  of  Computer  Run    (8005  Format,  Record  #22) 

The  date  of  the  computer  run  or  some  other  run  identification  is 
put  on  the  next  (22nd)  record.     It  must  be  less  than  21  characters 
long  ^ri'i  start  in  column  1. 

2.4.4  Title  of  Computer  Run     (8005  Format,  Record  //23) 

An  identification  title  is  put  on  the  next  (23rd)  record.  It 
has  a  maximum  length  of  80  characters.     This  identifier  can  be  used 
to  keep  successive  runs  of  the  model  separately  identified. 

2.4.5  Logic  Gates     (8004  Format,  Record  #24) 

The  next  record  (24th)  contains  20  logical  true  (T)  or  false  (F) 
gates.     These  gates  should  be  set  to  "true"  (T)  if  the  compliance 
technique  is  to  be  analyzed  or  "false"  (F)  if  it  is  not.     They  are  in 
sequential  order,  as  listed  on  page  5,  in  fixed  format  in  columns  1 
through  20  of  the  record. 

2.4.6  System  Attributes     (Formats  8001-3,  Records  #25-36) 

The  last  12  records  contain  75  separate  pieces  of  information 
pertinent  to  the  computer  system  under  study  for  compliance  with  the 
Privacy  Act.     Each  of  the  12  records  contains  specific  information, 
which  must  be  placed  in  specific  locations  on  the  record.     Each  of 
the  12  records  is  listed  in  Figure  2,  in  order,  showing  the  exact 
location  for  each  piece  of  data.     The  acronjrms  used  in  this  figure  are 
explained  in  Appendix  2,  the  glossary,  and/or  Appendix  3,  the  patterned 
interview. 
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FIGURE  2  -  INPUT  RECORD  LAYOUTS 


Record  Columns 
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ONLINE 

ISTR 

NRPR 

DMS 

27 
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29 

EXEC 
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30 
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31 
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HFRM 
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32 

HUID 

HCAD 

HVER 

HTRC 

HTRU 

33 

PADT 
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pcyD 

PDCL 
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PRET 

34 

PINT 
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35 
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FRPT 

KLOG 

KSEC 
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FOBJ 

FREI 

FRUI 

36 

FDAI 

FRDS 

2.5     THE  OUTPUT 

2.5.1  General  Conunent 

This  section  explains  how  to  read  the  model's  two  outputs.  Samples 
of  the  two  output  reports  have  been  included  in  Figure  4  and  Figure  5 . 
Figure  3  illustrates  the  method  of  combining  the  two  reports  for  analysis. 

2.5.2  Definition  of  Terms  Used  on  the  Output 

TOTAL  EXPENSES  -  The  section  of  the  report  which  lists  total 
conversion  (CONV)  and  total  annual  (ANNUAL) 
costs . 

CONVERSION  EXPENSES  -  The  section  of  the  report  which  lists 
conversion  costs  by  resource. 

ONGOING  EXPENSES-The  section  of  the  report  which  lists  annual 
costs  by  resource. 

COMP.  TECH.        -  Compliance  Technique 

CONV.  TOTALS      -  Conversion  Totals 
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PROG  M-HR 


EXEC  M-HR 


CLER  M-HR 


AUDIT  M-HR 


CAP  $ 


STORAGE 


Programming  -  Manhours  -  Programming  effort 
in  dollars  and  hours  is  displayed  for  each 
compliance  technique. 

Executive  -  Manhours  -  Executive  effort  in 
dollars  and  hours   is    displayed  for  each  com- 
pliance technique. 

Clerical  -  Manhours  -  Clerical  effort  in  dollars 
and  hours  is    displayed  for  each  compliance 
technique. 

Audit  manhours  -  Auditing  effort  in  dollars  and 
hours  is  displayed  for  each  compliance  tech- 
nique . 

Capital  Expenditure  Dollars  -  Dollars  In  thousands 
required  for  equipment  are  displayed  for  each 
compliance  technique. 

The  number  of  characters  and  costs  in  dollars 
for  two  kinds  of  storage  are  displayed,  offline 
and  online. 


SLOW  M-R  CHAR  -  Slow  machine  readable  storage-characters,  offline 
storage . 

FAST  M-R  CHAR  -  Fast  machine  readable  storage  -  characters, 
online  storage. 

PROCESSING        -  The  number  of  seconds  and  costs  in  dollars  for 
two  types  of  processing  are  displayed;  schedul- 
able  (batch)  and  real  time  (online) 

SCHED  -  Schedulable,  batch  processing 

RL-TM  -  Real  Time,  online  processing 

DATA  TRANSMISSION-The  costs  for  two  types  of  data  transmission 
are  displayed;  slow  (U.  S.  mail)  and  fast 
(telecommunications) 


SLOW  DOC  -  SloW) Document  transmission  via  mail. 

FAST  CHAR         -  Fast , Characters  via  telecommunications. 
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2.5.3    Full  Output  Report 
2.5.3.1    General  Comment 

The  full  output  is  divided  into  two  sections  and  should  be 
obtained  from  a  132  character  output  device.     The  first  section  con- 
tains compliance  technique  cost  totals  and  a  breakout  of  the  conver- 
sion (nonrecurring)  expenses.     The  second  section  contains  the 
ongoing  (recurring)  expenses.     The  most  efficient  way  to  read  the 
report  is  to  place  the  two  sections  side  by  side  (See  Figure  3) . 
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2.5.3.2  Headers 

At  the  top  of  the  "combined  output"  report,  each  of  the  required 
resources  necessary  to  be  expended  in  complying  with  the  Privacy  Act 
is  printed.     They  are  divided  into  six  basic  categories:  Programming, 
Storage,  Processing,  Data  Transmission,  Administration,  and  Capital. 
Some  of  these  (Storage,  for  example)  are  further  divided  into  sub- 
categories.    In  total,  there  are  five  columns  for  the  conversion  expenses 
and  eleven  for  the  ongoing  expenses.     Below  each  of  the  category  headings 
is  printed  the  units  which  are  used  in  calculating  that  resource  costs. 

2.5.3.3  Conversion  Expenses 

Looking  at  the  "Conversion  Expenses"  portion  of  the  output,  it 
should  be  apparent  that  there  are  two  lines  for  each  compliance  technique 
(or  step) .     The  top  line  represents  the  quantity  of  resource  units 
expended,  and  the  bottom  line  represents  the  cost  for  those  units.  The 
user  should  note  these  costs  are  rounded  to  thousands  of  dollars.  At 
the  bottom  of  each  column  of  resource,  the  costs  have  been  totalled. 
The  percentage  of  this  cost  to  the  total  conversion  expense  is  also 
shown  in  parenthesis  below  the  cost.     No  calculation  of  total  units 
required  is  made. 

2.5.3.4  Ongoing  Expenses 

As  with  the  conversion  expense  portion  of  the  output,  the  ongoing 
expenses  portion  contains  two  lines  for  each  requirement.     The  top  line 
represents  the  quantity  of  resource  units  printed  with  an  "E".  They 
are  decimal  exponents  and  should  be  read  as  follows: 
.15E  +  03  =  .15  X  103  =  150  or 
.27E  +  08  =  .27  X  10^  =  27,000,000. 
The  bottom  line  represents  the  cost  for  the  units.     These  costs  are 
rounded  to  thousands  of  dollars.     At  the  bottom  of  each  column  of 
resources  the  costs  have  been  summed.     The  percentage  that  this  cost 
represents  of  the  total  annualized  ongoing  expenses  is  shown  in  paren- 
thesis.    No  calculation  of  total  units  required  is  made. 


-  13  - 


2.5.3.5    Left-Hand  Totals 

The  left  hand  portion  of  the  output  report  contains  the  total 
conversion  and  annual  ongoing  expense  for  each  compliance  technique. 
"Conversion  Totals,"  for  example,  is  the  total  of  the  five  columns  of 
conversion  expenses  located  to  the  right.    These  numbers  are  printed  in 
thousands  of  dollars.     The  conversion  and  annual  expenses  are  summed 
vertically  to  obtain  total  conversion  costs.     Each  compliance  technique 
cost  is  then  compared  to  the  two  totals  and  a  percentage  of  total  cost 
is  shown.     These  are  printed  in  parenthesis  to  the  right  of  the  cost 
value . 

2.5.4     Summary  Output  Report 

Obtaining  the  summary  report  is  useful  when  the  program  is  used 
in  a  time  sharing  mode  and  output  is  printed  at  the  operator's  terminal. 
It  fits  the  72  column  teletype  requirement  quite  well.     It  is  also 
useful  when  performing  sensitivity  analysis  since  the  analyst  can  see 
the  effect  of  data  changes  quickly  without  waiting  for  a  complete  batch 
output . 

As  previously  explained  (see  page  5g,  Record  #21  Input  Format),  to  obtain 
the  summary  report,  a  switch  must  be  placed  in  the  program  to  allow  the 
summary  columns  to  be  printed  without  the  detail. 

The  summary  output  contains  the  conversion  and  annual  costs 
associated  with  each  of  the  compliance  techniques.     These  costs  are 
described  in  thousands  of  dollars.     The  conversion  and  annual  expenses 
are  summed  to  give  total  costs  for  each.     The  percentage  which  each 
compliance  technique  contributes  to  the  total  cost  is  printed  in 
parentheses  to  the  right  of  each  cost  element.     A  sample  Output  Report 
is  shovm  in  Figure  6. 
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Figure  6  -  Summary  Output  Report 
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USRGE  LOG  MRINTENRNCE  S-  72.  Cli'.';'  $  ±6.  (.  l." 

RECORD  EXISTENCE   INQ.  *  0.  (   y";>  $  383.  OS" 

RECORD  USRGE   INQUIRIES  t-  kf.  (.  ti";>  t-  121.  (±2: 

DRTR  RCCURRCV  $  U.  C  O':;'  ^  30.  (.  3'. 

RDDITIONRL  DRTR  *  0.  <   O.'.':'  *  0.  (  0" 

DRTR  RCCURRCV   INQUIRIES  t-  0.  (   0*;;-  t-  61.  C  6" 

SUBJECT  CLRIM  STORRGE  't-  ' 0.  C   0';>  3.  <:  0" 

SUBJECT  CLRIM  DISSEN.  *  IS.  <:   2:;::'  t-  4.  <  tj' 

RETRO.    CLRIM  DISSEM.  t-  0.  c    yv>  ^  24.  C  2' 

LEGRL  PROCESS  NOflF.  V  0.  (   y'.'>  ?  (  O" 

PHVSICRL  SECURITV  t  122.  (IS";:;'  t  126.  (12- 

.USER  TRRINING  S-  28G.  (:43";:-  ^  57.  C  5" 

SVSTEM  RSSURRNCE  36.  (   5/;>  ^  .   23.  C  2; 

PUBLIC  NOTICE  t-  0.  (   m/.':'  1.  C  O." 

:+::+::+:     TOTRLS                                   _     i_  ^_  '?52.  $  994. 

NOTE-  RLL  MONEV  RMOUNTS  RRE   IN  1000" S  OF  DOLLRRS. 
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Appendix  1 


COMPUTER  PROGRAM  LISTING 


I 
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IT    lMPI>MhM5   A   MODRI    ^TiR   hJST  1    .vr  J 1J  G    THF    IMPACT  UP 
IMK    1974    FKDfclHAL   PRIVACY    ACT   UN  A 
^^i.HSOK'AL   DATA  SYSTt^'l, 

IMF    ALGI-HUTMMS  USKD   JN   THE;   fnOKL   AKr   DI-^SCRIBFD  IN 
HKTAIL  Tk 

♦•1HF   COST   lif-  PRIVACY" 
hy    RHHtPT   C,  GOLDSTFIM 
pnfiMSHFD  BY 

[fnMF  ¥KEl  L   INFDpMATinN  SYSTEMS ,  I '^■C  ,    (1975  ) 
A  li  f) 

A    MFTHODfiinGK    FOH    f-:VALIlATI  NG 
AFTf-PNATIVF    APPPOACHKS   TO  PRIVACY 
RKQIJ  tPF'-^ENTS 

I  'lHrpT   C,  GOLnSTFlN 
I'  I  CHARD   I  ,  i'OLAN 
Hf--r.PY    H,  SF^vAPD 

0,    P,    hANAGFWEWT   C^IPPUFAT  jOis 
1         T  1  T  J  A    DP  I  VE 

I   y  J  ^JG^o^  ,  massachusktts 

b  l7»eh2»«H2'^ 


►  Ui^C  >  ".".V    Gf-  T  (  N  ,  P  ,  I  #  U) 

FUNTTinr-    OFF  I  N  ITT  ON 

iTf'F    TO   RFTPTFVF   A   RECORD   FpO^.   A  FILR 
fi    -      J  "    TF   DNLI NF 
W    •    Ml,    OF    PKCf"'PiJP    I'm  file 
I.    -   1  ^NGTM   np    A  RFCURD 
Q   m   t.C,    [IF    PtCC'PiiS   TO   BF  KFTRIEVEH 

P  >.  r,  I  r 

I  ^    ( .Kw,  J  )   G'"'   Til  1 
G  t  T   r    p    «    L    •    0,0    (1  (1  0  1  1  6  7 
)  t-    t  Q  ,  L  P  ,  1  .  )    H  t  '1  U  ^'  N 
G'^'    s    t.        1,    «    0,()t'0(»OH  33  3    /  Q 
^  K  'I  i :  H  *  ^ 
1    Gt  T  =   :) ,  1  ^  0 
K  F  I  '  i )  ^^  1 
F"n 

THF   FOIJilWI'^G   ARRAY   SIZES   APE   FOR   ?S    REOUJ  KFMENTS  A^D 

\h    F  HfvCTinrJAL.   El  F^F'nS,      THF    AKRAVS   ARE   DEFlNtL)   AS   FOM  n^^S- 

guA^'      u\)^\^\Ji  of  jih  ff  NEEnEo  fhp  ith  peot 

C'lSl        CnST   OF   Jiti   FF    ntEHEr^   FUR    IlH  REQT 

UCS1       Unit  cost  of  jth  fe 

EEC  ST      THTAt   COST   FOR   JTH  FF 
FCSTC      CON  Vt.  RSI  ON   COST   FOP   ITH  HEQl-*" 

-"l7  - 


I.^^'IA     rt^riiAL  C'ST  FOP   1TH  PK,OT 

(.rjiOAv     F-Kj1i  1  Rf MKnI    niA'-'KS  -  nn<h  CHAP   PFH  wflRn 

t.iM  "THiK  "    JF    ITH   PfOT   IS  TU  hK  IfJCMinFI) 

i>A'it      D^iiK  f)F  cn'-^HintH  PUN  -  n%F,:  chai^  pfp  wopd 

'UTf.-»'      PDfvi    J  OP  NT  T  F  JCAT  I  ON   •   UP    10   f,()  CHApAClEPS 

RF.Al    PiiArM  7«s,  l^),ri3ST(2«i,  l6),ncsT(  Ih),FtCST(  I  6  )  ,  HCSTC  (  25  ) 

htAI  ^^CSTA(?5) 

I     h  Gl  l<  hpr  TC  (  ?5  ) »  PPn  A  f  2S  )  ,  KFPCT  (1  6  D  ,  OnlM 
(  ri  P  (,(•  »'   POwAf-M  ?5#  '^'l  )  #f^ATk:(20  )  ,T1TLF(B  >) 

f.nciCAb        (2^ ) 

KP  Al    tvF  US' ,  KiS  lib,  1  SCN  ,  IFPM,L,  NPFX,  JWAC,  'IN  US ,  iJ  DP  P ,  K'ppR ,  N  PLC  ,  NUST ,  K  LOG 
H  F  A  I .      r  'V  ^!  ,  T  C  AC  L  ,  N  PK  I  ,  rJ  p  II I  ,  NDA  I  ,  N  ULS  ,  Ix  A  D  y  ,  "^J  LGS  ,  NPTR  ,  tJ  LPiM  ,  KStC 
HP  AI.    I'l.isr.  ,  nCr.K  ,  T  I  IvT,  NCHK,  HNSH,  T  ^iJL,  ^'CPU 

L  r U,  .1 C  A  t ,  U  ^'  M   L ,  r>  K.  S ,  C  L 1  N  T ,  X  G ,  X  5 ,  I S  T  R ,  S  0  M  »«' 


P  A  H  A  ^K'li:?   A  SS  1  GfJ MFM5 

.^'POT  NO,   OF   PFO'TS   IN   THF  MUOhL 

NKF  NO,    OF   FE'S   IN   THE  MODFL 

f«iPLC  AVG,   riO,   OF  ACCFSS  Ct)NTRGL   e:NTRlFwS  PFP  RtCORD 

t-i{.GS         fJO,   OF  TIMKS  PEP   YEAR   IJSAGP    LOG   IS  SPIAPCHFD 
FAOY  FF-ACTION   OF   kECOPDS   10   //HJCH    "ADDITIONAL  DATA" 

tS   ADD^n    (PFP  YEAR) 
»SCrC         vSIZP    (^F  ilSFP/OPFKATnp   TRAJMlKG  CLASSPJS 
FTR  A^'^'llA^  THAlN'l'^G  VOLUME   ^S  FRACTION   OF  INITIAL 

tPG'-JT      ANNUAL   PROGRAM    r  A  T  N  TE  N  A  viC  P!    FFFUPT    AS  FRACTION 

OF   I'^'ITIAL  DFVt  LOpMENT   EFFUR  r 
IPIlM  PUN  COUNTER 

THE   NUMBER  OF    CPU   I   ST [JilC T  1 0 G   EXECUTED  T0-- 
ISC>J  SCAN   A   Flf.E   (PER  PECOpO) 

lEpM  POPNAT   A   SI^^PLE   REQUEST  TO   A   DATA  SUBJECT 

rCACL        CHECK    AN    ACCESS  CONTROL  LIST 
f/.AC         WFllE   AN   ACCtSS  CONTPOb  Ef'll-Y 


DATA  OT,  NF  E,  lipLC,  NLGS/FALY  ,  SCLS,FTR,  P^G^nJ^  ,  I  RUN 
1  /  ?  f . ,  1  6  ,  0  . 5  f  5  2  .  U  ,  0  .  0  0  0  1  ,  1  0  ,  0  ,  f ) .  2  ,  0  ,  2  ,  U  / 

DATA    I  sr  r.' ,  T  F p H  ,  7  C  AC  L  ,  T  W  AC 
1  /2o'jO,,  100(», ,1  000. #500,/ 


SfATEMEI'l    pUNCiroM  r)hFlf'lTXON 


TIMP.    TO   SORT    P    RECORDS   OF    hEUGT'.]  r, 


Si»H(l  ,f,)   s  R  «  L  *  O.0OUO21H 

■i  1  r  r 

T  fipll  T    EUPMATS       ,    ,  ■ 

8  00  1  FORMAT ( PGl n ,0) 

eu0  2  FORI  AT  f  2G  1  0  ,11,  I  1  O,  Gl  u  .0,  2L1  n,G10,0,  Ll  0) 

POOi  FnHMAT(4Gl 0,n,LlO|GlO,0,2Ll  0) 

8004  EOR-^Ai  (  25'  1  ) 

8  0'>S  FDPf  P  r(  HfiAl  ) 


800^  FiJKr'.M  <  7ri>,l,5) 
C  I 

c 

c 
c 

[)')  4  0  0    T=1  ,  UkU'[ 
4f>0        AD(  5,  POOS  )    (  HON  AM  (  i  ,  .J )  ,  JcJ  ,  ?fl  ) 

c  . 
c 

c 

C  l.'f-lir  s   -   MP,   OK   Fill's  .(SfciTS  UF  JN'PUT) 

C  NCdf-S   -   NO,   OF   OUTPUl    COPTr.S   TU   HF  PRINTED 

C  \        SiiMv  ,   "ipuF"   IF  OMLY  SUMMARY  UUTPU T 

C  IS  TU   BF  PRIhTFD 

c 

K^•A^^  s,poob  )  ^■F<^NS, ncops, su'^m 

800   kKAO( 5 , Pu05 )    (DATK ( K ) , K«l , 20 ) 
Aim  b, POOS)    (TITl K(K),K  =  1 ,80) 
^-t  Ar)(S,flOu4  )    (  FOT(  1  )  ,  Isl  ,  NFOT) 

c 

C  SVSIFM  ATTFIBUTFS 

RF-AfM      HU')  I  )    IMSUB,  N  RFC,  THPT,  TV  AL,  NCHK  ,  SFtC,  NUSR 

PFAU(  f>,hOO;>)    ^'US^  »NCLK,CLINT,NTRN,0NL1NF,  I  STR  ,  NRPR  ,  OMS 

PEAO(5,ton^)   SAM5»NFRM,QFRM,^NI.,PM,  I  SRC  ,  TC  P  iJ ,  X  G ,  X  S 

c 

C  FF  rnsTS 

PFAI>(5,  3  0')1  )    SMpS»FMRS,SCPH,PTPR,SDTH,F()TR,sySP,  APPP 
RFADf  5  ,  eioOl  )    F  X  FC  f  C  LFF  ,  A  IIDI 

c 

C  STZFS 

pFAn(s,,  Hooi)  5ADP,sCL^,SLnG,  iwur.,  IIiJT,TAn  r 

c 

C  M  A  M  -  H  n  I )  P  s 

^^FAD(  ^,  HO^'I  )    HAHT,  HFP^,  M5PL,Hv)DG,HPCli,HGSN,  HlNo,HGRr) 

pr-:Ai;(  5,  Prn,  )    KU  I  L>  ,  HC  AD  ,  H  V^JR  ,  HTHC  ,  HTRU  (-^ 
C  ^ 
C  PPnGRAM»v:i[jG 

RFAOf  5,  woni  )  ^A0T,PIJID,pNOT,PACC,PCVD,PDCL,PLnG,PRFT 

HFAn(S,MOiit,)  FJMT,PWAC 

C 

C  MTSCfi  r.LANFOUS 

RtiAD  <  S  ,  PO'^  1  )  .VMIS*  FPFT  ,  K  LOG  ,  KSFC  ,  PKGMN  T  ,  Fi  )B  J  ,  F  R  E  1  ,  F  P  U I 
hF/'-M  ^< ,  '^r,oi  )    I-  DA  I  ,  FRDS 

c 
c 

C  Se  r   UP  PAPA'^FTERS 

c 
c 

C  US^GF   LOG   Ph,TFN!Ifif^  TIMF 

c 

ILGP    =  TRPl 

IF    ITI  GH.LT,"?,)    TIGP  s  S, 

C 
C 

C  5IZF  OF  SUPJECT'S  CLAIM 

C 

IF    ( i;CLM,LT,e>00)   SCLM  a  bOO, 
'  -19- 


C  (I'ti  iivF  vim; 

C 

c  . 
c 

C  STZt  Of  USAGE  \jUG  KWTny 

c 

c 
c 

C  FHACTIUN  HF  KXPIRIMG  HfcCnHDS  CHECKR;!)  PER  YEAR 

c 

c 
c 

c 

•iPFI  s  FRPlltNKFC 

nF-UI  s  FPUI«NF<t'] 

wUAl  s   t.uAT*NREI  ■  J    •  ' 

(^I)OS  s    ( 1  ,-FFDS)«NnAI 

c 
c 

C  AOnlTIONAL  DATA  T^iCTPEfJTS 

c 

c 
c 

C  ChFtU   ACCUMULATUHS  '  "  ' 

c 

f^'J   2  0  0    Ir  1  ,  iJROT  .  ■ 

fCSlfl.(I)  SI-, 

iVi  70.'>  J=J  ,  WFF. 
200   1,0 AK'  ('1  ,  J  )   sC  , 

U()  '^u  1  .1  =  1  ,  'JFF 
2U1    FFCSl(J)    e  (1. 

1  C Sir  s  .... 

TCSIA  so, 

c 
c 

C  vSTAh  »    (IF    IMPACT  MPUKL 

c 

C 

C  ''>ATA   .SUPPLY   OBLTG,   NOTJF,  (F)(3) 

C~ 

1    IF    (  .i  frr.RQT  r  1  )  )   GO  TO  2 
IK    (aG)   Gn  TO  ? 

fv'iA^  (1,  2)   s   HF  PM«  ( 1  ,40  ,  ?•  (  ijFHv,.j  , )  ) 
UiJAf(l,fc,)   s  r^Ff<M»UFPM«0,015 

C 

c 

C  CQNSFNT   FOR   ADD'L   USfc  (B) 

c 

?    ]  F   (  ,^'nT,R(n  (2)  )   GO  TO  3 
(vUAf'.  (  2,  1  )   c  PNUT*P**AC 
(jMAf^r?,l>)    s   PPGMWT#ailAM  (2,  1) 

JUA^    (2,Q)   B  ^SnB*( n .♦FKPT)#(TCPU#( ISCN+TFPM) )+FnBJ# 
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1  (  0,5«Gf' T(OnLM,  nHKCSPRC  ,KUft.l«"HEC)4TCP'U*  I  WAC)  )«WM1S 

c 
c 

C  (I.SAGK    AUTfUiP  1  ZftTinN  (B) 

c 

3  ]F  ( n r.POT f 3) )  GO  to  4 

upf^P   s  '  1  ,♦0,  l*(NipPR-l  ,) 
f  f-    (  U^\S  )    M  ^HP  s   1  , 

s  Pl)in4PACC«WI)Rp 
wUA''f3,8)    s   Pf^GMNT»QUAN(3,  1  ) 
5AC1K  =   1  ?,«  (HUSTt"^REr#NHl,C) 
Tf-'    (HMffTME. )  QUAN(3,Q)SS^CT|E< 
!»•    (  ,  ■•'OT.DNL  I      )   UUANr  3»  7  )cSACTK 
PK(»C   =  I  TFN#(Gf-.T(  J  ,NUSTrl5,,l  .)'»'2,*lCACf4»TCPLJ) 
1^    (Ui'LlNM    QUAKJ  (  3  »  1  0)sPHi)C 
TF"    (  .'■.nT.OM.U^K)    OIJAN(  3»*^  )bPROC 
je'   (CI'TfiDOUA^C  3#  1  4)sNTPN#Hliin 

C 

c 

C  USAGf-J   LOG   MAI  KJTtMANCF:  (C)(1) 

G 

4  IF  t .NOT ,Hgr(4 ) )  Gn  tn  5 
(^LiA(v  (  4,1)   =   Pf  OG 
UtiAr'(4,6)    e   PFGMNT»0L1AM  f  4,  1  ) 
ULiAf>(<),7)   s  SLOG*NTpM«niGH 
PhyiC   -  '!TP'M»iCPll#lA.UI, 

J>-   (O'^LirE  )  QnAN(4,  in)sPKnc 

IP    (  ,'07  ,nr'l,  I'^t  )    UUAN  (  4  r  ^  )nPR{lC 

Oi'.av  (  .4,  ij)   =   Q[)AN(  4,  9  )  4  36*j  .♦SDf'T  (UTP  M/305  ,  ,  510(4) 
u;JA^(4,|f>)   c  KLOG 

C 

c 

C  l-FCOMD   KXTSTKMCf""  'JOTIF, 

C  (  ihfvS  RFyj  'iOT    INCLUDED   1 FJ  P.L,  93-b7'-») 

^>   K0Tf5)   s  .FALSt, 
G")  6 

c 
c 

C  I  FCOKD  SXISTKNCK  ruoiJiHifcs  (n)(n 

c 

b        (  ,<'0J  ,nQ  r(h)  )   GO  TO  7 
JK    (XG.'ip.XS)   Gn   10  p 

Ui'A  'J  (  b  ,  t  )    X  pi 

U    (,^n'l,rv^^•,)    QU  Af' (  6  ,  t  )  sUUAfJ  (  b  ,  I  )  ■^t'HfcT 
tvl'AMt.,b)    s   PHGMfj  J  #OIJAN  (  b  ,  1  ) 
•^U  A'.  (  6  ,  1  1  )    =    HI  i.!(j*iviPF  I 

w  u  A  f  ( 6 ,      =  2  5  0 ,  •  G  t;  r  ( n  f  1 1,  rJ ,  n  p  kc  ,  s  R  FC ,  ( 0 , 0  0  4 »  m  r  f  t  ) )  +  .m  p  e  j »  re  P  u  ♦  ll  n  t 

c 
c 

C  lUCOKD  USAG^'   IWOllIPIhlS   (C)  (3) 

C 

7  (  ..'^OT.RgTf  7  )  )    GO   TH  R 

■U'JA^(7,14)    sH  f  !jO«  i-iROI 

'Ji)A-f  7,  9  )  c  .«(PUI«Gt:T(0,  r'RF.:C,  (?0,#MTH'-J»rLG^f/'JpFC  ) ,  (NPUI  +  MDAl)  /NLGS) 
f^"A''(7,  IDs  ^  PUI 

C 

C  OATA  ACCUpACir  (t:)(5) 


J  H   (  ,  "1  ,  f'<JT  (  ^  ) )  f-t)  in 

SKP>     s    Skt-.C*  (  i  , -F  VKW  )  «  f  ^JHKf  /  (  ?  ,  «1  VA'' )  ) 

J  t   (  n  in  ,       I  Vwr  )  srphsO 

IK    (  n  i,  I.  T  ci    )    JUA^  (  b  r  8  )sS  rUP 

IK    (  ,(<M..  I^h  )    OUAN  (  H  ,  7  )bSTUH 

U'ja^'  (  «  ,  1  )=   rcV()#  C  1  ,  40  ,  1  «  ( "JHPH-I  )  ) 

uUAt.  (ii,6)    =   PfWi^ivT  ^OUAivJ  (  b  ,  1  ) 

MM    (  H  ,  14  )r   HVh.^;•KVR;R«o  ,?>«r»Pb  C/rVAL' 

C 

c 

C  Ani'l  J  1  (J'JAI.  DATA   (  F  )  f  S  ) 

C 

Q    I  K    (  ,:d)T,P0T(9)  )    GO   Tfl    1  O 
'  S]  ()|.   =  r.Ani^*TPPT«SADl) 
U    (U'L,  UK)    Ul'Ah  f  9  ,  R  )rS  r'.IP 
Jr    (  , 'v(n  .(11*1.  I  ht  )    OUAN  (  9  ,  7  )B5TnH 
..Mit\ (  q  ,  ^  4  )s  fJ^^Y#^^CAD 

C 
C 

C  OATA    ACCUPACY    INQUlPltS    ( H ) f 2  ) 

C 

1  ('   IK  (  ,t  OT.PQTf  10))  (.;n  Tn  n 
(  aG.P.H.XS)    Gn   IQ   1  4 
ijI'Al  (10,13)    =    tiOA  I#HJi:)G 

c 
c 

C  .<i(if^JP,CT  CLAIM  STHRAGK  (n)(3) 

c 

n    I  K   (  .'.C  T.POI  (  1  1  )  )   GO  TO   1  ? 

ti!'A'>  ( 1 1 , 1  4 )  =  Mrct»f^uns 
S  I  OK  s  '  uPs«TP^^T»sC^^' 

I  i-if  1,1  DK  )    OUAM  (  1  1  ,  p  )    s  STOP 
U     (  ,    'I  f.DiJLll^K)    UIIAN  (  n  #  7  )5STIIP 


C  SilfiJKCl    CLAIM   D  rsSf:        ATTO^xl  (n)(4) 

c 

1  >    U    (      0  1  ,KfjT(  1  2)  )    GO   Tn  M 

tv'iAf(lp,])    =   fM)CL«(l  ,4f),i«('.iRPP-J  ,)  ) 

uMl/\i'  (  1  •?  ,  b  )x    PKGMnT*UUAIJ  (  1  2  #  1  )  '* 

r,  1  p    s  3 "  0  , 

IK    (  1  3  IV  )    OPSsl r 0 ,  ' 
T  I  r,      -   DpStfiA^'S*  TCPU 

pi'uC   s   aTK:-J»  I  Nljns*  I  RPT/'iPFC  )  •  (  SCL^ /SH'iir  )  *  11  P'l 

1^    (fi.MJK)    QUAill2f10)s  PpnC 

IK    (  ,  r,  UT  ,nr;I,  I  f     )    UilAK(l?,Q)    =  PROG 

J  f-    ("•LINK)    (j(JAN(12,12)    s    (  lvUns#TPRT/  lH(i:C)«^TP|\i#SCI..fi 

C 
C 

C  ('.I- TP'i/\(-TiiVR:   claim    DISSKK  J    AT  lor:    (  C)  (  1  ) 

c 

13    IK'  (  ,    OT.P(j|  (13))    GO   TO  14 

.  (j"  A  •  (  I  3  ,  9  );    NLA  I  «GkT(  0,  MHKC  ,  (  20  ,  *NTRi^  »'!  LG^  /  i  K  KG)  ,  (  'I  R  U  I  •»  F^J  I)  A  J  )  /^LGS) 
w  lAr,  (13,14)    =    MGS'^»N1)AT  »»IJTRM#  rLGP/NRbC 
u'iA    (M,ll)    s    KPA  1  *imTRN#TLGR/MRF  C 

C 

c 

C  i<KCOPl)   TK<AI>iSMlSSTU  J 

C  C^IOl    IWCLHUtO    TN    P.I- ,')3-'S79) 
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i  ^    h'.-  F  (  1  J  J    s    .KM  .SI-  , 

C 

c 

C  rnr;sf.-,vf  in  IPANSFf-K  DATA  (B) 

c 

r,n  III  ir 
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APPP  -  Cost  of  applications  programming, 
AUDT  -  Cost  of  auditor  time. 
CLAS  -  Characterization  of  system. 
CLER  -  Cost  of  clerical  time. 


CLINT  -  If  there  is  a  clerical  intermediary  in  obtaining  personal 
data,  CLINT=T,  if  not  CLINT=F. 


DMS  -  A  logical  variable  DMS=1  if  a  DBMS  exists,  0  if  it  does  not. 
A  DBMS  negates  the  requirements  for  PRET. 

EXEC  -  Executive  costs. 

FADY  -  The  percentage  of  records  to  which  additional  data  will  be 
added  each  year. 

FDAI  -  The  percentage  of  individuals  making  a  record  existence  inquiry 
who  challenge  something  in  their  record. 

FDTR  -  Cost  of  fast  data  transmission  (Telecommunication). 

FOBJ  -  The  percentage  of  data  subjects  who  may  be  expected  to  object 
to  a  proposed  new  use  for  their  information.     If  a  subject 
objects,  his  record  must  be  so  annotated  and  blocked  from 
use. 

FMRS  -  Cost  of  fast  (Online)  machine  readable  storage, 

FRDS  -  Frequency  of  data  accuracy  disputes  resolved  in  agency's  favor, 

FREI  -  The  percentage  of  records  in  the  system  that  will  be  subject 
to  record  existence  inquiries  per  year. 

FRPT  -  The  percentage  of  NSUB  which  will  require  follow-up  letters 
to  obtain  consent. 


FRUI  -  Frequency  of  record  usage  inquiry. 


FVER  -  The  percentage  of  records  expiring  each  year  that  are 
reverif ied . 


GET  -  GET  is  a  function  used  by  several  of  the  algorithms  to  determine 
the  time  necessary  to  get  a  record  from  the  file.     There  are 
four  items  used  by  the  GET  function  (N,R,L,Q). 

N  =  T  is  the  data  base  is  online.     If  this  is  true,  GET  =  .14. 
This  parameter  may  be  varied  when  it  is  necessary. 
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N  =  0  if  offline 

R  =  Number  of  records  in  file 

L  =  Length  of  a  record 

Q  =  Number  of  records  to  be  retrieved 

If  Q  is  less  than  or  equal  to  one,  one  half  the  file  must  be 
read  and  access  equals 

GET  =  R*L*1/120, 000/2 

If  Q  is  greater  than  1  and  N  =  0,  the  entire  file  must  be 
read  and 

GET  =  R*L*1/120,000/Q 

The  GET  function  is  based  on  the  following  assumptions  about  file 
organization  and  usage: 

Online  data  bases  are  assumed  to  be  organized  using  the  Indexed 
Sequential  or  equivalent  method.     Access  to  a  single  record,  at 
random,  will  then  require,  on  average,  four  disc  accesses.  A 
time  of  35  milliseconds  per  access  is  used  as  being  reasonably 
typical  of  today's  high  performance  disc  systems. 

Offline  files  are  assumed  to  be  stored  on  tape  using  technology 
that  permits  reading  the  tape  at  a  rate  of  120,000  characters 
per  second.     If  only  one  record  is  to  be  retrieved,  one  half 
the  file  must  be  read,  on  the  average.     If  more  than  one  record 
is  to  be  retrieved  during  a  single  search,  it  is  assumed  that 
the  entire  file  will  be  read  and  the  total  time  allocated 
equally  among  all  the  records  retrieved.     1/120,000  is  the 
amount  of  time  to  read  one  character  in  the  file. 

HADT  -  Manhours  per  year  of  audit  time  to  assure  compliance  with  the 
Privacy  Act. 


HCAD  - 

Clerical 

hours  to 

HFRM  - 

Manhours 

required 

HGRD  - 

Manhours 

required 

HGSN  - 

Clerical 

hours  to 

HINQ  - 

Clerical 
clerical 

hours  re 
tasks . 
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HJDG  -  The  number  of  hours  required  to  receive  and  act  on  one  data 
accuracy  inquiry. 

HPCL  -  The  hours  needed  to  prepare  and  enter  one  subject's  claim. 

HTRC  -  Number  of  class  hours  necessary  to  train  clerical  personnel. 

HSPL  -  Hours  required  to  develop  a  physical  security  plan  and  audit 
procedures. 

HUID  -  The  number  of  hours  of  clerical  time  required  to  confirm  the 
identity  of  a  person  submitting  an  inquiry. 

HTRC  -  Hours  required  to  train  operators  in  security  and  privacy. 

HTRU  -  Hours  required  to  train  users  other  than  agency  personnel. 

It  is  assumed  that  the  agency  maintaining  the  data  base  will 
train  other  agency  users. 

HVER  -  Clerical  hours  to  reverify  one  expiring  record. 

IFRM  -  The  number  of  CPU  instructions  to  format  a  request  to  data 
subj  ects . 

TINT  -  Number  of  instructions  to  generate  a  comprehensive  hardcopy 
or  records. 

ISCN  -  Instructions  to  read  next  record. 

ISRC  -  Personal  data  from  subject. 

ISTR  -  A  logical  variable  whose  value  is  true  if  the  system  primarily 
processes  structured  inquiries  and  false  if  inquiries  are 
primarily  unstructured.     Unstructured  inquiries  require 
greater  amounts  of  transaction  processing  time. 

IWAC  -  The  number  of  CPU  instructions  to  write  control  access 
information. 

IWUL  -  Number  of  CPU  instructions  to  write  data  in  usage  log. 

KLOG  -  The  annual  dollar  cost  of  additional  equipment  needed  to 
maintain  the  usage  log. 

KSEC  -  The  dollar  value  of  additional  equipment  needed  to  achieve 
an  appropriate  level  of  security. 

NADY  -  The  number  of  additional  data  fields  added  to  the  system 
per  year. 

NADY=FADY*NREC 


NCHK  -  Number  of  existing  ("Old")  records  checked  each  year. 

NCLK  -  The  number  of  clerical  personnel  associated  with  operation  of 
the  system. 

NDAI  -  Number  of  data  accuracy  inquiries  per  year. 

NDRP  -  The  number  of  application  programs  which  directly  access  the 
data  base.     NDRP=1  if  a  general  data  management  system  is 
used  to  handle  all  requests  for  data  by  applications  programs. 

NFRM  -  The  number  of  distinct  data  collection  forms  used  by  the 
personal  data  system. 

NLGS  -  The  frequency  of  searching  the  usage  log  per  year. 

NLPN  -  The  number  of  legally  enforceable  requests  for  data  received 
per  year. 

NNSB  -  Number  of  new  subjects  added  to  file  per  year. 

NNUS  -  Number  of  new  uses  for  the  data  base  each  year. 

NREC  -  Total  number  of  data  subject  records.     It  may  be  greater  than 
NSUB  as  one  individual  may  have  more  than  one  record  in  the 
data  base. 

NREI  -  Number  of  record  existence  inquiries  received  per  year. 

NREI=FREI*NREC 

NRLC  -  The  number  of  record  level  access  control  fields  per  record. 

NRPR  -  The  number  of  record  retrieval  programs  utilizing  the  data 
base. 

NRUI  -  Number  of  record  usage  inquiries  per  year. 

NSUB  -  The  number  of  individuals  about  whom  identifiable  personal 
data  is  stored  in  the  system. 

NTRN  -  The  average  number  of  transactions  processed  by  the  system 
per  year. 

NUDS  -  The  number  of  data  accuracy  inquiries  that  are  not  settled 
and  must  be  added  to  the  data  base  per  year. 

NUDS= ( 1-FRDS ) *NDAI 

NUSR  -  Number  of  potential  users  of  the  system. 
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NUST  -  The  number  of  sets  into  which  all  users  can  be  lumped  for 
access  control  purposes. 


ONLINE  -  ONLN 

ONLN  -  If  the  data  base  is  online,  0NLN=1.     If  the  data  base  is 
offline,  ONLN=0. 

OPS  -    Variable  which  =  300  if  system  inquiries  are  unstructured  and 

100  if  inquiries  are  structured.  Used  with  ISTR.  Unstructured 
inquiries  are  assumed  to  require  three  times  as  much  processing 
time  as  structured  inquiries, 

PACC  -  Programming  hours  to  implement  record  level  access  control, 

PADT  -  Programming  hours  needed  to  prepare  all  the  programs  required 
by  system  auditors, 

PCVD  -  The  amount  of  programming  hours  to  implement  the  verification 
date  check  in  one  record  retrieval  program, 

PDCL  -  The  programming  hours  to  modify  a  record  retrieval  program 

to  include  the  claim  field  in  its  response  to  all  inquiries, 

0,1*  (PDCL)  -  The  additional  hours  necessary  to  modify  subsequent 

retrieval  programs  after  the  first  program  has  been  modified, 

PINT  -  Programming  hours  to  produce  a  copy  of  all  the  information 
relating  to  a  specified  individual  in  comprehensible  form, 

PLOG  -  The  amount  of  programming  hours  required  to  implement  the 
usage  log  capability, 

PNOT  -  The  amount  of  programming  hours  necessary  to  generate  a  program 
for  writing  form  letters  to  all  data  subjects, 

PRET  -  Programming  hours  to  permit  retrieval  of  all  the  data  on  a 

specified  individual  if  no  data  base  management  system  (DBMS) 
is  used,  ;    ; o 

PRGMNT  -  The  percentage  of  initial  programming  hours  required  annually 
for  program  maintenance, 

PRSB  -  Print  subject's  file  in  "comprehensible"  form, 

PUID  -  The  programming  hours  required  to  add  a  user  identification  to 
the  system. 

PWAC  -  The  amount  of  programming  hours  necessary  to  generate  a  program 
to  permit  the  recording  of  all  access  control  information 
within  the  data  base  and  within  each  subject's  record. 


QFRM  -  Inventory  level  of  each  form  on  hand, 

QUAN(i,j)  -  An  array  used  for  programming  and  convenience.  The  i 
subscript  relates  to  the  compliance  step.  The  j  subscript 
relates  to  the  type  of  resource. 


i  Values 

1,  Data  Supply  Obligation  Notification 

2,  Consent  for  Additional  Use 

3,  Check  Usage  Authorization 

4,  Usage  Log  Maintenance 

5,  Record  Existence  Notification  (not  required  by  1974 
Privacy  Act) 

6,  Record  Existence  Inquiries 

7,  Record  Usage  Inquiries 

8,  Data  Accuracy 

9,  Additional  Data 

10,  Data  Accuracy  Inquiries 

11,  Subject  Claim  Storage 

12,  Subject  Claim  Dissemination 

13,  Retroactive  Claim  Dissemination 

14,  Record  Transmission  (not  required  by  1974  Privacy  Act) 

15,  Consent  to  Transfer  Date  (not  required  by  1974  Privacy 
Act) 

16,  Legal  Process  Notification 

17,  Physical  Security 

18,  User  Training 

19,  System  Assurance 

20,  Public  Notice 


j  Values 


1,  Programming  (Conversion) 

2,  Executive  Time  (Conversion) 

3,  Clerical  Time  (Conversion) 

4,  Auditor  Time  (Conversion) 

5,  Capital  Expenditure  (Conversion) 

6,  Programming  (Annual) 

7,  Offline  Machine  Readable  Storage  (Annual) 

8,  Online  Machine  Readable  Storage  (Annual) 

9,  Schedulable  Computer  Processing  (Annual) 

10,  Real  Time,  Online  Computer  Processing  (Annual) 

11,  Slow  Data  Transmission  (Annual) 
12 o  Fast  Data  Transmission  (Annual) 

13,  Executive  Time  (Annual) 

14,  Clerical  Time  (Annual) 

15,  Auditor  Time  (Annual) 

16,  Capital  Expenditure  (Annual) 


RTPR  -  Cost  of  instantanous  processing. 
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SADD  -  The  amount  of  storage  space  in  characters  that  would  have  to 
be  allocated  for  each  occurrence  of  an  additional  data  field, 

SANS  -  Size  of  average  inquiry  answer  in  characters. 

SCLM  -  Characters  needed  to  express  one  subject's  claim, 

SCPR  -  Cost  of  schedulable  processing, 

SDTR  -  Cost  of  slow  data  transmission  (U.S,  Mail). 

SLOG  -  Size  of  log  entry. 

SMRS  -  Cost  of  slow  (Batch)  machine  readable  storage, 
SYSP  -  Cost  of  systems  programming. 

TADT  -  The  amount  of  computer  hours  required,  per  year,  to  support 
the  system  auditor. 

TCPU  -  Time  in  seconds  required  to  execute  1  instruction. 

TLGR  -  Length  of  time  an  entry  is  maintained  in  the  usage  log  in 
years . 

TTRN  -  The  computer  time  in  seconds  needed  to  process  one  transaction, 

TTRN=OPS*SANS*TCPU 
TRRT  -  Number  of  years  a  record  is  retained.       .      ,  , 
TVAL  -  The  number  of  years  that  information  can  be  considered  valid. 
XG  -  If  agency  is  exempt  due  to  law  enforcement  XG=T,  if  not,  XG=F. 
XS  -  If  agency  is  exempt  for  other  reason  XS=T,  if  not,  XS=F, 
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Appendix  3 

Patterned  Interview  Format  for  Data  Gathering 

1.  This  appendix  contains  the  questions  used  to  obtain  the 
data  base  input  necessary  to  use  the  privacy  model.  The 
specific  datum  is  listed  below  the  question. 

2.  Questions  without  a  specific  datum  are  general  in 
nature  and  are  used  to  get  general  Information  concerning 
the  data  base. 
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Data  Collection 


Section  I:    System  Attributes 

1.    Which  of  the  following  application  areas  best  characterizes  your 

system?    (If  more  than  one  applies,  please  indicate  the  most  important 
one,  and  answer  all  remaining  questions  with  respect  to  just  that 
part  of  your  total  system.) 

.....  Credit 

  Education 

  Employee    (Not  a  program  input) 

  Health 

  Insurance 

  Law  Enforcement 

  Welfare 

  Other  (Please  specify:  ) 


2.    Hoiv  many  individuals  are  subjects  of  identifiable  information  in  your 
system? 

Number  of  individuals 


3.     How  many  separate  records  does  the  system  contain?    (Some  systems 
may  be  organized  with  more  than  one  record  per  individual.) 

.N.Rf.C. 

Number  of  records 


4.    How  many  new  individuals  are  added  to  the  system  in  an  average  year? 
NNSB^  (Not  a  program  input) 

Number  of  individuals 
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5.    For  how  long  are  records  retained  within  the  system? 

..JRRT.... 

Number  of  Years 


6.    For  how  long  (on  the  average)  is  data  about  an  individual  valid  for 
its  intended  use? 

JVAL  

Number  of  Years 


7.      Is  there  a  regular  program  of  periodically  revalidating  information? 
Yes  or  No        (Not  a  program  input) 


8.  If  so,  how  many  "old"  records  are  re-checked  each  year? 

. .NCHK  

Number  of  Records 

9.  What  is  the  average  size  of  a  record  (in  characters)? 

SREC 


Number  of  Characters 


10.      How  many  individuals  are  potential  users  of  your  system;  that  is, 
how  many  may  initiate  transactions? 

NUSR 

Number  of  Individuals 


11.    If  these  users  can  be  lumped  into  sets  for  access  authorization  pur- 
poses, how  many  such  sets  are  there? 

_NIJST  

Number  of  Sets 
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How  many  individuals  are  involved  in  the  operation  of  your  system 
including  data  entry  and  other  clerical  tasks? 


NCLK 

Number  of  Individuals 

Are  inquiries  made: 

Clr.INTfF  directly  by  the  person  wanting  the  information,  or 
'r'rJt^JfT  by  a  clerical  intermediary? 


How  many  transactions  are  processed  per  year  (on  the  average)? 

NTRN 

Number  Transactions/Year 

Are  transactions  processed: 

ONLINE?!  interactively,  or 

Q'^VJ^'^fl  using  online  batch  techniques,  or 


Does  your  system  permit: 

only  specific,  highly  structured  queries,  or 
ISTRfT  unstructured  browsing? 


How  many  transaction  processing  programs  exist  in  your  system? 

..NRPR  

Number  of  Programs 
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18.      Do  transaction  processing  programs  access  the  data  base: 
.Pl^3.  directly,  or 

  through  a  general  purpose  data  management  program? 

If  so,  which  one?  


19.     What  is  the  average  size  (in  characters)  of  the  answer  your  system 
provides  to  a  query? 

^  SANS  

Characters 


20.  How  many  different  data  collection  forms  do  you  use? 

^  N F RM   

Number  of  Forms 

21.  How  many  copies  of  each  data  collection  form  are  normally  on  hand? 

^  qFRM   

Number  in  Stock 


22.    How  many  times  per  year  do  you  receive  a  legally  enforceable  request 
to  supply  data  about  an  identifiable  individual? 

.  .HUP.H .... 


23.    Does  most  personal  data  in  your  system  come  from: 
?S.RC=T  ^i^g  subject,  himself,  or 
ISRCtR  someone  else? 
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24.      What  computer  model (s)  is  (are)  used  to  run  this  system? 
.List.  Cppiputers. 

■    :  i. 

(Not  a  Program  Input) 


25.    Is  your  system  accurately  described  by  the  following: 


"a  system  of  records  maintained  by  an  agency  or  component 
thereof  which  performs  as  its  principal  function  any  activity 
pertaining  to  the  enforcement  of  criminal  lawsT*^ 


26.    Is  your  system  accurately  described  by  the  following: 


"a  system  of  records-- 

(1)  of  investigatory  material  compiled  for  law  enforcement 
purposes  (other  than  those  described  in  the  preceding 

question) ; 

(2)  maintained  in  connection  with  providing  protecting  services 
to  the  President; 

(3)  used  solely  as  statistical  records;  , 

(4)  compiled  solely  for  the  purpose  of  determining  eligibility 
for  Federal  civilian  employment,  military  service.  Federal 
contracts,  or  access  to  classified  information; 

(5)  of  testing  or  examination  material  used  solely  to  determine 
individual  qualifications  for  appointment  or  promotion  in 
the  Federal  service; 

(6)  evaluation  material  used  to  determine  potential  for  promotion 
in  the  armed  services.    ,  ,         ,  / 


X6 


Yes  or  No 


Yes  =  T 
No    =  F 


XS 


Yes  or  No 


Yes 
No 


T 
F 
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Section  II:    Resource  Prices 


This  section  asks  you  to  estimate  the  unit  costs  to  your  organization  of 
various  information  processing  resources.    Please  include  in  your  esti- 
mates ^^ny  overheads  or  other  indirect  costs  that  may  be  associated  with 
each  item.     DON'T  FORGET  TO  STATE  YOUR  UNITS  FOR  EACH  ANSWER.     If  costs 
are  difficult  to  determine,  can  you  supply  numbers  of  people  involved 
or  other  indicators  of  cost. 

27.  Sequential -access ,  machine-readable  storage  -  i.e.,  magnetic  tape 
or  punched  cards: 

. .  .SMRS_  . 
$/Character/Yr. 

28.  Random-access,  machine-readable  storage  -  i.e.,  magnetic  disks  or 
drums,  or  bulk  core: 

FMRS_ 
$/Character/Yr. 

29.  Schedulable  computer  processing  -  that  is,  processing  which  may  be 
preplanned  for  convenient  times: 

__SCPR_ 
$/Sec. 

About  what  percentage  of  total  computer  processing  is  schedulable? 
  (Not  a  Program  Input) 

30.  Non-schedulable  computer  processing  -  that  is,  processing  which 
must  be  performed  instantly  when  demanded: 

RTPR 
$/Sec. 

Percentage  of  total  processing  non-schedulable: 

  (Not  a  Program  Input) 
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31.      Slow  data  transmission  -  i.e.,  U.  S.  Mail: 
...SDJR... 

$/Doc. 


32.    Fast  data  transmission  -  via  communications  lines: 
FDTR 

$/Character 


33,    Systems  programming  -  including  related  computer  time  and  other 
support 

_SYSP  _ 
$/Hour 


How  many  people? 

(Not  a  Program  Input) 


■,,■■.1  \  ■ 

34.    Applications  programming  -  including  computer  and  other  support 
APPP  ... 
$/Hour 

How  many  people? 

  (Not  a  Program  Input) 


35.     Administration  -  policy  creation  and  review,  training,  enforcement 
of  regulations: 

EXEC  

*  V/Hour"*  v^,  , 
How  many  people? 

  (Not  a  Program  Input) 
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36.      Clerical  processing  -  data  entry,  filing,  handling  inquiries 
...CL^ti... 

$/Hour 

How  many  people? 

   (Not  a  Program  Input) 


37.    Audit  -  system  performance  monitoring  -  quality  control 

AUDI 

$/Hour 
How  many  people? 

  (Not  a  Program  Input) 
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Section  III:  Sizes 

These  questions  refer  to  the  amount  of  computer  storage  space  that  would 
be  required  to  hold  various  items  of  information. 

38.     The  size  of  the  field  that  would  be  required  to  hold  one  item  of 
"additional  data".  "Additional  data"  is  information  that  is  not 
currently  part  of  a  record  but  which  may  be  considered  necessary 
to  a  proper  interpretation  of  the  record.    Examples  would  include 
the  ultimate  disposition  of  an  arrest  or  the  fact  that  an  unpaid 
bill  is  disputed. 


Number  of  Characters 

39.     How  many  times  per  year  would  you  expect  to  add  such  an  item  of 
"additional  information"  to  a  record? 

NADY 


Times/Yr.  (Cross  Check  Only,  NADY  Computed 

By  Program) 

40.     The  number  of  characters  of  storage  that  would  be  allotted  to 
store  the  dissenting  opinion  of  a  data  subject: 

SCLM 


Number  of  Characters 


41.    The  size  of  an  entry  in  the  record  usage  log.    This  entry  must 

contain  the  date  and  purpose  of  the  access  and  the  identity  of  the 
individual  and  organization  making  the  inquiry: 


...aoe... 

Number  of  Characters 
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42.      What  retention  time  do  you  think  is  appropriate  for  record  usa^e 
information? 

(Not  a  Program  Input) 


43.    The  number  of  computer  instructions  that  would  be  executed  to 
generate  a  usage  log  entry  is: 

IWUL 


Number  of  Instructions 


44.    The  number  of  computer  instructions  that  would  be  executed  to 

reference  the  "next"  record  in  a  sequential  scan  of  the  entire  file 
i  s : 

...l^QN...  (Already  in  Program) 

Number  of  Instructions 


45.    The  number  of  computer  instructions  that  would  be  executed  to 

generate  a  hardcopy  of  all  the  information  relevant  to  a  specific 
individual  is  (not  counting  the  time  needed  to  locate  and  access 
the  information): 

IINT 


Number  of  Instructions 


46.      The  amount  of  computer  time  required  for  auditing  and  program 
verification  purposes  is: 

TADT 


Number  of  Hours 
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Section  V:  Man-hours 

These  questions  deal  with  the  amount  of  human  time,  administrative  or 
clerical,  required  to  perform  the  specified  functions. 

47.      How  many  man-hours  of  auditing  time  per  year  would  be  required  to 
assure  that  the  system  was  in  compliance  with  the  Privacy  Act? 

_HADT 
Number  Hours/Yr. 


48.    How  many  man-hours  of  administrative  time  would  be  required  to 
redesign  each  data  collection  form  to  include  the  appropriate 
notices  to  potential  data  subejcts? 

Hours/ Form 


49.      How  many  man-hours  of  administrative  time  would  be  needed  to 
develop  an  appropriate  set  of  security  policies? 

...HSPL... 

Hours  .  ~  ' 


50.     How  many  man-hours  of  administrative  time  would  be  needed  to 

evaluate  and  reach  a  decision  on  a  data  subject's  complaint  about 
the  validity  of  his  record? 

HJDG 

Hours  '  ,. 


51.      How  many  man-hours  of  clerical  time  would  be  needed  to  prepare  and 
enter  a  subject's  claim  concerning  his  record? 

HPCL. 

Hours 


52.      How  many  man-hours  of  clerical  time  would  be  required  to  generate 
a  notification  to  a  data  subject? 

HGSN 


Hours 
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53. 


How  iDany  man-hours  of  clerical  time  would  be  needed  to  accept  and 
process  a  subject's  inquiry  concerning  his  record? 


. .  WNQ. . . . 


Hours 


54.    How  many  man-hours  per  year  would  have  to  be  devoted  to  security 
related  tasks  such  as  guarding  equipment  and  data,  and  checking 
personnel  identification?  (see  additional  checklist) 

HGRD 


Hours 


55.    How  long  would  it  take  to  manually  verify  the  identity  of  an 
individual  submitting  a  transaction  offline? 

HUID 

Hours 


56.    How  many  man-hours  would  be  required  (on  the  average)  to  collect 
a  required  item  of  "additional  data"? 

HCAD 


Hours 


57.      How  many  man-hours  would  be  required  to  reverify  the  accuracy  and 
timeliness  of  an  old  record? 


HVER 


Hours 


58.      How  many  hours  of  training  in  security  and  privacy  policies  and 
procedures  would  be  required  for  each  person  involved  in  the 
operation  of  your  system? 

HTRC 


Hours 

59.    How  many  hours  of  training  in  security  and  privacy  policies  and  pro- 
secure  would  be  required  for  each  user  of  the  system? 

. .  Mm  - . . 

Hours 

Are  you  responsible  for  this  training?   


47 


Section  VI 


Prograimning  Time 


A  nuinher  of  proposed  privacy  regulations  would  appear  to  require  the  modi- 
fication of  existing  data  handling  programs,  and  in  some  cases,  the 
creation  of  entirely  new  ones.    These  questions  are  designed  to  get  at 
the  amount  of  work  required  to  accomplish  this.    If  your  system  already 
includes  a  capability  listed  below,  please  so  indicate. 

How  many  man-hours  of  programming  time  (including  program  design,  coding, 
testing  and  documentation)  would  be  required  to: 

60.      Support  the  system  auditing  function: 
PADT 


Total  Hours 


61.    Enable  the  operating  system  to  check  and  confirm  the  identity  of  a 
user: 

PUID 


Total  Hours 


62.      Enable  the  generation  of  a  notice  to  each  data  subject: 

PNOT 


Total  Hours  • 


63.      Permit  checking  the  authorization  of  each  access  on  the  basis  of 
user  identification  and  stated  purpose:    '  ■ 

PWAC  1 . ; 


Total  Hours 


64.    Include  the  capability  for  checking  the  "verification  date"  field 

each  time  a  record  is  retrieved,  and  keeping  a  list  of  records  older 
than  a  specified  date: 

PCVD  i  ^ 


Total  Hours 
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65.  Provide  for  the  "subject's  claim"  field  in  each  record  and  ensure 
that  it  is  included  with  all  responses  from  an  individual's  record 

. .  PPCI-. . . . 

Total  Hours 

66.  Implenient  the  usage  log,  including  the  creation,  storage,  and 
retrieval  of  usage  records: 

f  LOG  

Total  Hours 

67.  Retrieve  all  of  the  data  relevant  to  a  particular  individual: 

PREJ  

Total  Hours 

68.  Print  an  individual's  record  in  "comprehensible"  form: 

PINT  

Total  Hours 

69.  Provide  for  the  adding  or  removal  of  entries  in  a  record's  access 
control  field? 


PACC 


Total  Hours 
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Section  VII :  Counts 

This  section  asks  for  estimates  of  a  few  miscellaneous  numbers. 

70.  The  number  of  times  per  year  that  a  new  application  might  be  expected 
to  be  added  to  the  system  is: 

...NNUS... 

New  Appl ications/Yr. 

71.  The  fraction  of  mailed  requests  to  data  subjects  that  would  have  to 
be  repeated  because  the  subject  failed  to  respond  the  first  time  is: 

_FRPT  _  _ 

Percent 

72.  The  dollar  value  of  additional  hardware  required  to  maintain  the 
usage  log  is: 

Total  Dollars 

73.  The  dollar  value  of  additional  hardware  needed  to  provide  system 
and  data  security  is: 

,KSEC  i  ;  ' 

Total  Dol lars 

74.  Does  your  organization  send  a  regular  mailing  (at  least  once  a  year) 
to  all  data  subjects? 

Yes.qr  ,No  ,  (Not  a  Program  Input) 


75.    What  is  your  estimate  of  the  fraction  of  the  initial  programming 

cost  of  a  system  that  is  expended  annually  for  ongoing  maintenance 
of  that  system? 

FMNT  PRGMNT 


Percent 
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76.    What  fraction  of  the  data  subjects  of  this  system  would  you  expect 

to  refuse  permission  to  have  their  records  used  tor  some  new  purpose? 

FOBJ 


Percent 


77.    What  fraction  of  the  data  subjects  of  this  system  would  you  expect 
to  enquire  (per  year)  about  the  existence  and  content  of  their 
records? 

FREI 
Percent 


78.    Of  those  data  subjects  enquiring  about  the  contents  of  their  record, 
what  fraction  would  you  expect  to  enquire  about  the  usage  made  of 
the  record? 

.FRUI 
Percent 


79.    Of  those  data  subjects  enquiring  about  the  contents  of  their  record, 
what  fraction  would  you  expect  to  dispute  some  aspect  of  the  record? 

. .  .mi . . . 

Percent 


80.    What  fraction  of  the  disputes  concerning  an  individual's  record 
would  you  expect  to  be  settled  through  a  review  procedure? 

FRDS  _ 
Percent 
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Comments 

,  suggestions,  and  questions  should  be  addressed  to: 

John  L.  Berg 

Privacy  Model 

Systems  and  Software  Division 

Room  A-265,  Building  225 

National  Bureau  of  Standards 

Washington,  D.C.  20234 

Machine- 

readable  copies  of  the  Privacy  Model  Computer  Program 

are  available 

through  the  National  Technical  Information  System. 

i  • 


IISCOMM-NBS  DC 
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